<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Spring Boot 跨域实现完全指南</title>
    <link rel="stylesheet" href="https://cdn.staticfile.org/font-awesome/6.4.0/css/all.min.css">
    <link rel="stylesheet" href="https://cdn.staticfile.org/tailwindcss/2.2.19/tailwind.min.css">
    <link href="https://fonts.googleapis.com/css2?family=Noto+Serif+SC:wght@400;500;600;700&family=Noto+Sans+SC:wght@300;400;500;700&display=swap" rel="stylesheet">
    <script src="https://cdn.jsdelivr.net/npm/mermaid@latest/dist/mermaid.min.js"></script>
    <style>
        body {
            font-family: 'Noto Sans SC', Tahoma, Arial, Roboto, "Droid Sans", "Helvetica Neue", "Droid Sans Fallback", "Heiti SC", "Hiragino Sans GB", Simsun, sans-serif;
            background: linear-gradient(135deg, #f5f7fa 0%, #c3cfe2 100%);
            min-height: 100vh;
        }
        
        .hero-gradient {
            background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
            position: relative;
            overflow: hidden;
        }
        
        .hero-gradient::before {
            content: '';
            position: absolute;
            top: 0;
            left: 0;
            right: 0;
            bottom: 0;
            background: url("data:image/svg+xml,%3Csvg width='60' height='60' viewBox='0 0 60 60' xmlns='http://www.w3.org/2000/svg'%3E%3Cg fill='none' fill-rule='evenodd'%3E%3Cg fill='%23ffffff' fill-opacity='0.05'%3E%3Cpath d='M36 34v-4h-2v4h-4v2h4v4h2v-4h4v-2h-4zm0-30V0h-2v4h-4v2h4v4h2V6h4V4h-4zM6 34v-4H4v4H0v2h4v4h2v-4h4v-2H6zM6 4V0H4v4H0v2h4v4h2V6h4V4H6z'/%3E%3C/g%3E%3C/g%3E%3C/svg%3E");
        }
        
        .content-card {
            background: rgba(255, 255, 255, 0.95);
            backdrop-filter: blur(10px);
            box-shadow: 0 20px 40px rgba(0, 0, 0, 0.1);
            transition: all 0.3s ease;
        }
        
        .content-card:hover {
            transform: translateY(-5px);
            box-shadow: 0 25px 50px rgba(0, 0, 0, 0.15);
        }
        
        .code-block {
            background: #1e1e1e;
            color: #d4d4d4;
            border-radius: 12px;
            padding: 1.5rem;
            overflow-x: auto;
            position: relative;
            font-family: 'Consolas', 'Monaco', monospace;
        }
        
        .code-block::before {
            content: attr(data-lang);
            position: absolute;
            top: 0.5rem;
            right: 1rem;
            color: #858585;
            font-size: 0.75rem;
            text-transform: uppercase;
        }
        
        .section-title {
            position: relative;
            display: inline-block;
            margin-bottom: 2rem;
        }
        
        .section-title::after {
            content: '';
            position: absolute;
            bottom: -10px;
            left: 0;
            width: 60px;
            height: 4px;
            background: linear-gradient(90deg, #667eea 0%, #764ba2 100%);
            border-radius: 2px;
        }
        
        .method-card {
            background: linear-gradient(135deg, #f093fb 0%, #f5576c 100%);
            color: white;
            padding: 2rem;
            border-radius: 16px;
            position: relative;
            overflow: hidden;
        }
        
        .method-card::before {
            content: '';
            position: absolute;
            top: -50%;
            right: -50%;
            width: 200%;
            height: 200%;
            background: radial-gradient(circle, rgba(255,255,255,0.1) 0%, transparent 70%);
            animation: pulse 3s ease-in-out infinite;
        }
        
        @keyframes pulse {
            0%, 100% { transform: scale(1); opacity: 0.5; }
            50% { transform: scale(1.1); opacity: 0.3; }
        }
        
        .highlight-box {
            background: linear-gradient(135deg, #e0c3fc 0%, #8ec5fc 100%);
            padding: 1.5rem;
            border-radius: 12px;
            border-left: 4px solid #667eea;
        }
        
        .floating-icon {
            animation: float 3s ease-in-out infinite;
        }
        
        @keyframes float {
            0%, 100% { transform: translateY(0); }
            50% { transform: translateY(-10px); }
        }
        
        .mermaid {
            display: flex;
            justify-content: center;
            margin: 2rem 0;
        }
    </style>
</head>
<body>
    <!-- Hero Section -->
    <div class="hero-gradient text-white py-20 px-6">
        <div class="max-w-6xl mx-auto text-center">
            <div class="floating-icon inline-block mb-6">
                <i class="fas fa-globe-asia text-6xl opacity-80"></i>
            </div>
            <h1 class="text-5xl md:text-6xl font-bold mb-6" style="font-family: 'Noto Serif SC', serif;">
                Spring Boot 跨域实现
            </h1>
            <p class="text-xl md:text-2xl opacity-90 max-w-3xl mx-auto leading-relaxed">
                掌握 CORS 机制，轻松解决前后端分离架构中的跨域难题
            </p>
        </div>
    </div>

    <!-- Main Content -->
    <div class="max-w-6xl mx-auto px-6 py-12">
        <!-- CORS Introduction -->
        <div class="content-card rounded-2xl p-8 mb-12">
            <h2 class="section-title text-3xl font-bold text-gray-800 mb-6">
                <i class="fas fa-info-circle mr-3 text-purple-600"></i>什么是跨域？
            </h2>
            
            <div class="highlight-box mb-6">
                <p class="text-lg leading-relaxed">
                    <strong>跨源资源共享</strong>（CORS，Cross-Origin Resource Sharing）是一种基于 HTTP 头的机制，
                    它允许服务器标示除了它自己以外的其他源（域、协议或端口），使得浏览器允许这些源访问加载自己的资源。
                </p>
            </div>
            
            <div class="text-center my-8">
                <div class="mermaid">
                    graph LR
                        A[浏览器] -->|发起请求| B[同源检查]
                        B -->|同源| C[允许访问]
                        B -->|跨域| D[CORS检查]
                        D -->|有CORS头| E[允许访问]
                        D -->|无CORS头| F[拒绝访问]
                        style A fill:#667eea,stroke:#fff,stroke-width:2px,color:#fff
                        style C fill:#48bb78,stroke:#fff,stroke-width:2px,color:#fff
                        style E fill:#48bb78,stroke:#fff,stroke-width:2px,color:#fff
                        style F fill:#f56565,stroke:#fff,stroke-width:2px,color:#fff
                </div>
            </div>
            
            <p class="text-gray-700 leading-relaxed">
                跨域资源共享还通过一种机制来检查服务器是否会允许要发送的真实请求，该机制通过浏览器发起一个到服务器托管的跨源资源的"预检"请求。
                在预检中，浏览器发送的头中标示有 HTTP 方法和真实请求中会用到的头。
            </p>
        </div>

        <!-- Implementation Methods -->
        <div class="grid grid-cols-1 md:grid-cols-2 gap-8 mb-12">
            <!-- Method 1: Global Configuration -->
            <div class="content-card rounded-2xl p-8">
                <h3 class="text-2xl font-bold text-gray-800 mb-4">
                    <i class="fas fa-cog mr-2 text-blue-600"></i>全局配置
                </h3>
                <p class="text-gray-600 mb-6">
                    通过实现 WebMvcConfigurer 接口，统一管理应用程序中所有 Controller 的跨域规则。
                </p>
                <div class="code-block" data-lang="java">
                    <pre>@Configuration
public class CorsConfiguration implements WebMvcConfigurer {
    
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowedOrigins("http://example.com")
                .allowedMethods("GET", "POST", "PUT", "DELETE")
                .allowedHeaders("*")
                .allowCredentials(true)
                .maxAge(3600);
    }
}</pre>
                </div>
            </div>

            <!-- Method 2: Annotation Configuration -->
            <div class="content-card rounded-2xl p-8">
                <h3 class="text-2xl font-bold text-gray-800 mb-4">
                    <i class="fas fa-tag mr-2 text-green-600"></i>注解配置
                </h3>
                <p class="text-gray-600 mb-6">
                    使用 @CrossOrigin 注解在特定的 Controller 或方法上配置跨域规则。
                </p>
                <div class="code-block" data-lang="java">
                    <pre>@RestController
public class MyController {

    @GetMapping("/hello")
    @CrossOrigin(origins = "http://example.com", 
                 methods = {RequestMethod.GET})
    public String hello() {
        return "Hello, World!";
    }
}</pre>
                </div>
            </div>
        </div>

        <!-- Filter Configuration -->
        <div class="content-card rounded-2xl p-8 mb-12">
            <h3 class="text-2xl font-bold text-gray-800 mb-6">
                <i class="fas fa-filter mr-2 text-orange-600"></i>过滤器配置
            </h3>
            <p class="text-gray-600 mb-6">
                通过自定义过滤器更加灵活地控制跨域请求的处理逻辑，可以针对特定的请求进行定制化处理。
            </p>
            <div class="code-block" data-lang="java">
                <pre>@Component
public class CorsFilter implements Filter {

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, 
                        FilterChain chain) throws IOException, ServletException {
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        httpResponse.setHeader("Access-Control-Allow-Origin", "http://example.com");
        httpResponse.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
        httpResponse.setHeader("Access-Control-Allow-Headers", "*");
        httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
        httpResponse.setHeader("Access-Control-Max-Age", "3600");
        chain.doFilter(request, response);
    }
}</pre>
            </div>
        </div>

        <!-- Spring Security Configuration -->
        <div class="method-card mb-12">
            <h3 class="text-3xl font-bold mb-6">
                <i class="fas fa-shield-alt mr-3"></i>使用 Spring Security
            </h3>
            <p class="text-xl mb-6 opacity-90">
                Spring Security 提供了丰富的安全功能，包括跨域请求的处理。
            </p>
            <div class="grid grid-cols-1 md:grid-cols-2 gap-6">
                <div class="bg-white bg-opacity-20 rounded-lg p-6">
                    <h4 class="text-lg font-semibold mb-3">添加依赖</h4>
                    <div class="code-block" data-lang="xml">
                        <pre>&lt;dependency&gt;
    &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;
    &lt;artifactId&gt;spring-boot-starter-security&lt;/artifactId&gt;
&lt;/dependency&gt;</pre>
                    </div>
                </div>
                <div class="bg-white bg-opacity-20 rounded-lg p-6">
                    <h4 class="text-lg font-semibold mb-3">配置类</h4>
                    <div class="code-block" data-lang="java">
                        <pre>@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.cors(); // 启用跨域请求处理
    }
}</pre>
                    </div>
                </div>
            </div>
        </div>

        <!-- Frontend Solutions -->
        <div class="content-card rounded-2xl p-8">
            <h3 class="text-2xl font-bold text-gray-800 mb-6">
                <i class="fas fa-laptop-code mr-2 text-purple-600"></i>前端解决方案
            </h3>
            
            <div class="grid grid-cols-1 md:grid-cols-3 gap-6">
                <div class="bg-gradient-to-br from-blue-50 to-purple-50 p-6 rounded-lg">
                    <i class="fas fa-exchange-alt text-3xl text-blue-600 mb-3"></i>
                    <h4 class="font-semibold text-lg mb-2">CORS 头部信息</h4>
                    <p class="text-gray-700">在请求中添加 Access-Control-Allow-Origin 等头部信息</p>
                </div>
                
                <div class="bg-gradient-to-br from-green-